Missing SSL Certificate Validation in ASUS Vivobaby Application for Android
CVE-2017-17944

9.1CRITICAL

Key Information:

Vendor: Asus
Status: Vivobaby; Hivivo
Vendor: CVE Published:; 20 June 2019

Summary

The ASUS Vivobaby application for Android prior to version 1.1.09 exhibits a significant vulnerability due to missing SSL certificate validation. This oversight allows attackers to execute man-in-the-middle attacks, intercept sensitive data, and potentially manipulate communications between the application and its server. Users of the affected versions are urged to upgrade to the latest version to ensure that their data remains secure and encrypted during transmission.

References

http://firstsight.me/2017/12/lack-of-binary-protection-at...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2019
Vulnerability Reserved
Dec 28, 2017